CVE-2020-2499

Summary

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QESunspecified < 2.1.1affected

Weaknesses

  • CWE-259: CWE-259 Use of Hard-coded Password
  • CWE-798: CWE-798 Use of Hard-coded Credentials
  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References